package com.ygqh.baby.shiro.credentials;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.apache.shiro.web.util.WebUtils;

public class YgFormAuthenticationFilter extends FormAuthenticationFilter{

	@Override
	 protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
	    if (isLoginRequest(request, response)) {  
            if (isLoginSubmission(request, response)) {  
                return executeLogin(request, response);  
            } else {  
                return true;  
            }  
        } else {         	
        		
        	HttpServletRequest ajaxrequest=WebUtils.toHttp(request);     	

        	if(ajaxrequest.getHeader("X-Requested-With") != null  && "XMLHttpRequest".equals(ajaxrequest.getHeader("X-Requested-With").toString()))
        	{
                HttpServletResponse res = WebUtils.toHttp(response); 
                res.setHeader("loginStatus", "accessDenied");
                 
            }else{
            	saveRequestAndRedirectToLogin(request, response);  
            }
        	 return false;  
          
        }  
	    }
}
